<?php
// admin.php

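session_start();

// Anyone without an authenticated session is sent back to the login page.
if (!isset($_SESSION['user_id'])) {
    header('Location: index.php');
    exit();
}

// Only the single configured administrator account may use this page.
// NOTE(review): authorization rests on comparing a session value with a hard-coded
// username, and the literal below is a placeholder that has to be replaced at
// deployment. A role flag stored with the account would be more robust; confirm that
// no other code path can create or rename an account to this name.
// `?? null` keeps a session that lacks a username on the denial path without raising
// an undefined-index warning.
if (($_SESSION['username'] ?? null) !== '这里更改为你的管理员账号用户名') {
    // Report the refusal as 403 so clients and access logs do not see a 200 OK.
    http_response_code(403);
    echo '需要一级权限';
    exit();
}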

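// Bulk user creation: one username per line, every new account gets the same default password.
// NOTE(review): this state-changing POST is accepted without an anti-CSRF token, so a request
// forged from another site while the administrator is logged in would create accounts with a
// password chosen by that site. A per-session token has to be added to the HTML form and
// verified here in the same change.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['add_users'])) {
    $rawUsernames = $_POST['usernames'] ?? '';
    $rawPassword = $_POST['password'] ?? '';

    // PHP turns `name[]=...` parameters into arrays; only strings may reach trim().
    // Surrounding whitespace is stripped from the password, as before.
    $password = is_string($rawPassword) ? trim($rawPassword) : '';

    if (!is_string($rawUsernames) || $password === '') {
        // The form's `required` attribute is enforced by the browser only, so an empty
        // default password has to be refused on the server as well.
        echo '请输入用户名和默认密码';
    } else {
        $db = new PDO('sqlite:users.db');
        $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        // Both statements are prepared once and executed per username.
        $exists = $db->prepare("SELECT id FROM users WHERE username = :username");
        $insert = $db->prepare("INSERT INTO users (username, password) VALUES (:username, :password)");

        foreach (explode("\n", $rawUsernames) as $line) {
            // trim() also removes the "\r" left behind by CRLF line endings.
            $username = trim($line);

            // Compare with '' so that a name such as "0" is not silently dropped.
            if ($username === '') {
                continue;
            }

            // Skip names that are already taken.
            $exists->execute([':username' => $username]);
            $taken = $exists->fetch(PDO::FETCH_ASSOC);
            $exists->closeCursor();
            if ($taken) {
                continue;
            }

            // Values are passed to execute() instead of bindParam(): bindParam() takes its
            // argument by reference, and handing it the result of password_hash() raises
            // "Only variables should be passed by reference".
            // The hash is computed per account so each row gets its own salt.
            $insert->execute([
                ':username' => $username,
                ':password' => password_hash($password, PASSWORD_DEFAULT),
            ]);
        }
        echo '用户添加成功！';
    }
}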

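// Bulk user deletion driven by the checkbox list.
// NOTE(review): this state-changing POST is accepted without an anti-CSRF token; a per-session
// token has to be added to the HTML form and verified here in the same change.
// NOTE(review): the logged-in administrator's own id is not excluded, so the account in use
// can be deleted from this form.
if ($_SERVER['REQUEST_METHOD'] === 'POST' && isset($_POST['delete_users'])) {
    $user_ids = $_POST['user_ids'] ?? [];

    // A client can send `user_ids` as a plain string instead of a list; treat that as "nothing selected".
    if (!is_array($user_ids)) {
        $user_ids = [];
    }

    $db = new PDO('sqlite:users.db');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

    // Prepared once, executed per selected id.
    $delete = $db->prepare("DELETE FROM users WHERE id = :id");

    foreach ($user_ids as $user_id) {
        // Nested arrays (`user_ids[][]=...`) must not be bound into the statement.
        // '' and '0' are skipped, matching the original truthiness check.
        // NOTE(review): ids are presumably integer row ids; if that is confirmed against the
        // schema, tighten this to ctype_digit().
        if (!is_string($user_id) || $user_id === '' || $user_id === '0') {
            continue;
        }

        $delete->execute([':id' => $user_id]);
    }
    echo '用户删除成功！';
}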

// Load id and username of every account for the table rendered in the template.
// NOTE(review): the DSN is a relative path. If it resolves to a directory the web server
// also serves, users.db (password hashes included) may be downloadable; confirm it is
// stored outside the document root or blocked by server configuration.
$db = new PDO('sqlite:users.db', null, null, [PDO::ATTR_ERRMODE => PDO::ERRMODE_EXCEPTION]);
$users = $db->query("SELECT id, username FROM users")->fetchAll(PDO::FETCH_ASSOC);
?>

<!DOCTYPE html>
<html lang="zh-CN">
<head>
    <meta charset="UTF-8">
    <meta name="viewport" content="width=device-width, initial-scale=1.0">
    <title>管理界面</title>
    <link rel="stylesheet" href="//dev.dcloud.net.cn/mui/dist/css/mui.min.css">
    <style>
        .mui-content {
            padding: 20px;
        }
        .mui-card {
            margin-top: 20px;
            width: 50%;
            margin: 0 auto;
        }
        .mui-card-content{
            padding-left: 15px;
        }
        .mui-table-bordered{
            text-align: left;
        }
    </style>
</head>
<body>
    <div class="mui-content">
        <div class="mui-card">
            <div class="mui-card-header">管理界面</div>
            <div class="mui-card-content">
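                <?php /* Session values are escaped with pinned flags and charset, so the result does not depend on the PHP version's htmlspecialchars() defaults. */ ?>
                <p>欢迎, <?= htmlspecialchars((string) $_SESSION['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>!</p>
                <p>用户ID: <?= htmlspecialchars((string) $_SESSION['user_id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></p>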
                <p>这里是管理功能区域，你可以添加和删除用户。</p>
            </div>
            <div class="mui-card-content">
                <!-- 批量添加用户表单 -->
                <form action="admin.php" method="post">
                    <h4>批量添加用户</h4>
                    <div class="mui-input-group">
                        <div class="mui-input-row">
                            <label>用户名（每行一个）</label>
                            <textarea name="usernames" rows="5" placeholder="请输入用户名，每行一个"></textarea>
                        </div>
                        <div class="mui-input-row">
                            <label>默认密码</label>
                            <input type="password" name="password" placeholder="请输入默认密码" required>
                        </div>
                    </div>
                    <button type="submit" name="add_users" class="mui-btn mui-btn-primary">添加用户</button>
                </form>
            </div>
            <div class="mui-card-content">
                <!-- 批量删除用户表单 -->
                <form action="admin.php" method="post">
                    <h4>批量删除用户</h4>
                    <table class="mui-table mui-table-bordered">
                        <thead>
                            <tr>
                                <th>选择</th>
                                <th>用户名</th>
                            </tr>
                        </thead>
                        <tbody>
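                            <?php foreach ($users as $user): /* one table row per account; usernames are free text typed into the add form, so every value is escaped with pinned flags */ ?>
                            <tr>
                                <td>
                                    <input type="checkbox" name="user_ids[]" value="<?= htmlspecialchars((string) $user['id'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>">
                                </td>
                                <td><?= htmlspecialchars((string) $user['username'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?></td>
                            </tr>
                            <?php endforeach; ?>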
                        </tbody>
                    </table>
                    <button type="submit" name="delete_users" class="mui-btn mui-btn-danger">删除选中的用户</button>
                </form>
            </div>
            <div class="mui-card-footer">
                <a href="logout.php" class="mui-btn mui-btn-danger">注销登录</a>
            </div>
        </div>
    </div>
</body>
</html>
